DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

IPv6, High Availability and VLAN's

  • bambamboyo
  • Topic Author
  • Offline
  • New Member
  • New Member
More
05 Mar 2019 00:21 #1 by bambamboyo
IPv6, High Availability and VLAN's was created by bambamboyo
Hello,

I wonder if someone can help me. I have two Draytek 2925's working in "High Availability" Hot standby mode - basically the primary router is usually online and the secondary router can take over if the primary fails. That all works with no issues. The routers are 192.168.20.4 (primary) and 192.168.20.5 (secondary) plus there is virtual gateway IP of 192.168.20.3 created by High Availability mode which can switch between either router if one fails.

I have two VLANS on the routers set up, the main VLAN1 mentioned above, and VLAN2 which is segregated from VLAN1, so it can only access the internet and not the computers on VLAN1 - such that the devices on the separate VLANs cannot see each other across the VLAN's

VLAN1
192.168.20.xx
for the High availability there is virtual gateway IP of 192.168.20.3
Router IPs 192.168.20.4 (primary) 192.168.20.5 (secondary)

VLAN2
192.168.40.xx
for the High availability there is virtual gateway IP of 192.168.40.3
Router IPs 192.168.40.4 (primary) 192.168.40.5 (secondary)

All of that works no problems.

Today my ISP enabled IPv6 for the connection, that is working OK and can access IPv6 sites with no issue.

The trouble now is that by IPv6 being enabled, the computers can see across the VLAN's by IPv6. (IPv4 remains isolated)

On the High Availability settings there are separate gateways which I set up for IPv4 on the two subnets, corresponding to the static IP's of the router in each subnet and the virtual IP being created from that - these are the gateways that the devices on each VLAN see.
LAN1 : 192.168.20.3
LAN2 : 192.168.40.3

On the IPv6 tab on this screen it shows the same for LAN1 and LAN 2
LAN1 :FE80::200:5EFF:FE00:101
LAN2 :FE80::200:5EFF:FE00:101

Devices on each VLAN are seeing the same IPv6 gateaway.
Is this what is allowing the machines to see each other between the VLANs?

Can anyone help me to be able to split the IPv6 addresses in to subnets with different gateway IP's so they can have access to internet on IPv6 but not see the computers between the VLANs on IPv6?
I believe I would need separate static IPv6 addresses for the VLANS and separate gateways in the High Availability screen - but I can't get it to work. Help!!

Any help would be gratefully appreciated!

Please Log in or Create an account to join the conversation.